package com.uduemc.biso.web.component;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandlerImpl;
import org.springframework.stereotype.Component;

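/**
 * Access-denied handler that sends CSRF token failures to the login page.
 *
 * <p>Every other {@link AccessDeniedException} is passed unchanged to
 * {@link AccessDeniedHandlerImpl#handle}.
 */
@Component
public class MyAccessDeniedHandler extends AccessDeniedHandlerImpl {

	protected static final Log logger = LogFactory.getLog(MyAccessDeniedHandler.class);

	// The CSRF failures are recognised by exact class name, so a subclass of either
	// exception is NOT treated as a CSRF failure and falls through to the default handler.
	// NOTE(review): an instanceof check against the CSRF exception types would also cover
	// subclasses; it needs the corresponding imports at file level.
	private static final String INVALID_CSRF_TOKEN =
			"org.springframework.security.web.csrf.InvalidCsrfTokenException";
	private static final String MISSING_CSRF_TOKEN =
			"org.springframework.security.web.csrf.MissingCsrfTokenException";

	// A leading '/' in sendRedirect is resolved against the container root, not the
	// application's context path.
	// NOTE(review): confirm the application is deployed at the root context, otherwise
	// this target does not point at the application's own login page.
	private static final String LOGIN_REDIRECT = "/login";

	/**
	 * Handles a denied request: a CSRF token failure is redirected to the login page,
	 * anything else is delegated to the parent handler.
	 *
	 * @param request the request that was denied
	 * @param response the response used for the redirect
	 * @param accessDeniedException the exception describing the denial
	 * @throws IOException if the redirect or the parent handler fails to write the response
	 * @throws ServletException if the parent handler fails
	 */
	@Override
	public void handle(HttpServletRequest request, HttpServletResponse response,
			AccessDeniedException accessDeniedException) throws IOException, ServletException {
		final String exceptionType = accessDeniedException.getClass().getName();
		logger.info(exceptionType);

		final boolean csrfRejected = INVALID_CSRF_TOKEN.equals(exceptionType)
				|| MISSING_CSRF_TOKEN.equals(exceptionType);
		if (!csrfRejected) {
			super.handle(request, response, accessDeniedException);
			return;
		}

		// The client only sees a 302, so the rejection is recorded here with enough request
		// context to investigate it. The query string is deliberately left out of the log.
		logger.warn("CSRF token rejected for " + request.getMethod() + " " + request.getRequestURI()
				+ " (" + exceptionType + ")");

		// sendRedirect throws IllegalStateException once the response is committed.
		if (response.isCommitted()) {
			logger.warn("Response already committed; skipping redirect to " + LOGIN_REDIRECT);
			return;
		}
		response.sendRedirect(LOGIN_REDIRECT);
	}
}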
